Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / c0f7c04c3041b951defd78886f86fde99dcd8c08 / . / import-layers / yocto-poky / meta / recipes-core / meta / signing-keys.bb
blob: 37790373a1d0a001f31116770c1ed159fad3fd17 [file] [log] [blame]
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]1# Copyright (C) 2015 Intel Corporation
2# Released under the MIT license (see COPYING.MIT for the terms)
3
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600[diff] [blame^]4SUMMARY = "Makes public keys of the signing keys available"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]5LICENSE = "MIT"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]6LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
7 file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]8
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]9
10inherit allarch deploy
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]11
12EXCLUDE_FROM_WORLD = "1"
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]13INHIBIT_DEFAULT_DEPS = "1"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]14
Patrick Williamsc0f7c042017-02-23 20:41:17 -0600[diff] [blame^]15SYSROOT_DIRS += "${sysconfdir}/pki"
16
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]17PACKAGES =+ "${PN}-ipk ${PN}-rpm ${PN}-packagefeed"
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]18
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]19FILES_${PN}-rpm = "${sysconfdir}/pki/rpm-gpg"
20FILES_${PN}-ipk = "${sysconfdir}/pki/ipk-gpg"
21FILES_${PN}-packagefeed = "${sysconfdir}/pki/packagefeed-gpg"
22
23python do_get_public_keys () {
24 from oe.gpg_sign import get_signer
25
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]26 if d.getVar("RPM_SIGN_PACKAGES", True):
27 # Export public key of the rpm signing key
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]28 signer = get_signer(d, d.getVar('RPM_GPG_BACKEND', True))
29 signer.export_pubkey(os.path.join(d.expand('${B}'), 'rpm-key'),
30 d.getVar('RPM_GPG_NAME', True))
31
32 if d.getVar("IPK_SIGN_PACKAGES", True):
33 # Export public key of the ipk signing key
34 signer = get_signer(d, d.getVar('IPK_GPG_BACKEND', True))
35 signer.export_pubkey(os.path.join(d.expand('${B}'), 'ipk-key'),
36 d.getVar('IPK_GPG_NAME', True))
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]37
38 if d.getVar('PACKAGE_FEED_SIGN', True) == '1':
39 # Export public key of the feed signing key
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]40 signer = get_signer(d, d.getVar('PACKAGE_FEED_GPG_BACKEND', True))
41 signer.export_pubkey(os.path.join(d.expand('${B}'), 'pf-key'),
42 d.getVar('PACKAGE_FEED_GPG_NAME', True))
Patrick Williamsf1e5d692016-03-30 15:21:19 -0500[diff] [blame]43}
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]44do_get_public_keys[cleandirs] = "${B}"
45addtask get_public_keys before do_install
46
47do_install () {
48 if [ -f "${B}/rpm-key" ]; then
49 install -D -m 0644 "${B}/rpm-key" "${D}${sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-${DISTRO_VERSION}"
50 fi
51 if [ -f "${B}/ipk-key" ]; then
52 install -D -m 0644 "${B}/ipk-key" "${D}${sysconfdir}/pki/ipk-gpg/IPK-GPG-KEY-${DISTRO_VERSION}"
53 fi
54 if [ -f "${B}/pf-key" ]; then
55 install -D -m 0644 "${B}/pf-key" "${D}${sysconfdir}/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
56 fi
57}
58
Patrick Williamsd8c66bc2016-06-20 12:57:21 -0500[diff] [blame]59do_deploy () {
60 if [ -f "${B}/rpm-key" ]; then
61 install -D -m 0644 "${B}/rpm-key" "${DEPLOYDIR}/RPM-GPG-KEY-${DISTRO_VERSION}"
62 fi
63 if [ -f "${B}/ipk-key" ]; then
64 install -D -m 0644 "${B}/ipk-key" "${DEPLOYDIR}/IPK-GPG-KEY-${DISTRO_VERSION}"
65 fi
66 if [ -f "${B}/pf-key" ]; then
67 install -D -m 0644 "${B}/pf-key" "${DEPLOYDIR}/PACKAGEFEED-GPG-KEY-${DISTRO_VERSION}"
68 fi
69}
70do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_RPM}"
71# cleandirs should possibly be in deploy.bbclass but we need it
72do_deploy[cleandirs] = "${DEPLOYDIR}"
73# clear stamp-extra-info since MACHINE is normally put there by deploy.bbclass
74do_deploy[stamp-extra-info] = ""
75addtask deploy after do_get_public_keys